Docs/Migration Guide

Migration Guide

Step-by-step instructions for migrating from your current authorization system to PermitNetworks.

Migrating from Homegrown Authorization

Most teams start with custom if/else checks scattered across their codebase. Here's how to centralize them with PermitNetworks.

Before

// Scattered across codebase
if (agent.role === 'admin') {
  if (amount < 10000) {
    if (vendor in approvedList) {
      executePurchase();
    }
  }
}
// No audit trail
// No rate limiting
// No budget tracking

After

// Single authorization call
const decision = await permit
  .authorize({
    agent: agentId,
    action: 'spend',
    resource: 'funds',
    context: { amount, vendor }
  });

if (decision.allowed) {
  executePurchase();
}
// ✓ Audit trail included
// ✓ Rate limits enforced
// ✓ Budget tracked

Migrating from Open Policy Agent (OPA)

OPA is a general-purpose policy engine. PermitNetworks is purpose-built for AI agent authorization with built-in budgets, scoping, and audit trails.

OPA (Rego)

package agent.authz

default allow = false

allow {
  input.action == "spend"
  input.amount <= 1000
  input.agent in data.agents
}

# No built-in budgets
# No scope locking
# 5-15ms latency (REST)
# Manual audit logging

PermitNetworks

{
  "name": "spend-policy",
  "rules": [{
    "action": "spend",
    "effect": "allow",
    "conditions": {
      "maxAmount": 1000,
      "period": "daily"
    }
  }]
}

// ✓ Built-in budget tracking
// ✓ Scope locking
// ✓ <1ms latency (edge)
// ✓ Merkle audit trail

Key advantage: PermitNetworks handles budget aggregation, rate limit windows, and scope boundaries natively. With OPA, you'd need to build and maintain these as custom data sources.

Migrating from Casbin

Casbin provides RBAC/ABAC models for traditional applications. PermitNetworks extends these with agent-specific controls.

Casbin

[request_definition]
r = sub, act, obj

[policy_definition]
p = sub, act, obj

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = r.sub == p.sub
  && r.act == p.act

# Static roles only
# No spending limits
# No time-based scoping

PermitNetworks

{
  "name": "agent-policy",
  "rules": [{
    "action": "spend",
    "effect": "allow",
    "conditions": {
      "maxAmount": 1000,
      "period": "daily"
    }
  }],
  "scope": {
    "allow": ["read:orders"],
    "ttl": 600
  }
}

// ✓ Dynamic context
// ✓ Budget enforcement
// ✓ Time-bounded scopes

Migration Checklist

Inventory all authorization checks in your codebase

Map existing roles/permissions to PermitNetworks policies

Install the SDK and configure your API key

Create policies in the PermitNetworks dashboard

Replace inline auth checks with permit.authorize() calls

Enable audit logging and verify decision records

Set up spending limits for all agents with financial access

Configure scope locking for data-access agents

Run in shadow mode: log decisions without enforcing

Switch to enforcement mode once validated

Need help migrating?

Our team can help you plan and execute your migration. We've helped teams migrate from OPA, Casbin, and custom solutions.